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Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS. 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)^ Responsive to communication(s) filed on 13 February 2007 , 
2a)IEI This action is FINAL. 2b)n This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-30 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) ^ Claim(s) 1-30 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner. 

10) n The drawing(s) filed on is/are: a)^ accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) n The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) 0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-{d) or (f). 
a)n All b)n Some * c)^ None of: 

1 .□ Certified copies of the priority documents have bieen received. 

2. n Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1 . Claims 1-30 remain for examination. 

Response to Arguments 

2. . Applicant's arguments filed 2/13/07 have been fully considered but they are not 
persuasive. 

3. With respect to the claim limitation "establishing a login account with login 
information at the client machine in response to the request", Applicant curiously argues 
the following: "The Office Action cites Quo et al. 's paragraplis [0032] and [0047] as allegedly disclosing 
tliese elements, Guo et al. 's paragrapti [0032] discloses tfiat user of client computer system and the 
operator of affiliate server with authentication server prior to executing the authentication process" 

(amendment, top of page 11). Examiner fails to see how this could not possibly read on 
the claim limitation, particularly as the specification defines "establishing a login 
account" as creating the account for the first time (Specification, paragraph [0013]) 
Analogously, a user of the Guo system must request an account before any of the 
remaining authentication steps can be provided, just as disclosed in paragraph 0032. It 
is further noted that the quoted passage of the specification provides for the "client 
machine" to be a server, and thus is not strictly limited to embodiments where the client 
machine can only be the user's own computer, as Examiner best understands 
Applicant's argument to be. 

4. With respect to the remaining limitations in dispute (those that deal with 
encrypted communications between the client machine and the authentication server), - 
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Applicant is reminded that Guo discloses using secure sockets (SSL) technology for all 
communications (see paragraphs 0039 and 0040; cf. explicit mention of "secure socket 
layers" in previously cited paragraph 0049). The various encryption/decryption 
limitations recited in the claims are inherent to the use of SSL in general; but even were 
that not so, as Guo discloses transmitting a password during at least the registration 
phase of the authentication process (paragraph 0032), one of ordinary skill in the art 
would have known that sending unencrypted passwords over a communication mediuhn 
(where they could be intercepted with ease) would be such a security risk as to 
completely defeat the security otherwise afforded by the Guo invention. 

5. The dependent claims are rejected for substantially similar reasons as discussed 
above 

Claim Rejections '35 use §102 

6. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

7. Claims 1-30 are rejected under 35 U.S.C. 102(e) as being anticipated by Guo et 
al. (U.S. Pre-grant Publication 2003/0217288). 

Regarding claims 1, 10-12, and 21: 

Guo discloses a method/system/program for authenticating a user's access to a 
client machine, comprising: communicating a request for access from the user machine 
to the client machine (paragraph 0045; element 32 of Figure 3); establishing a login 
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account with login information at the client machine in response to the request 
(paragraph 0032); encrypting the login information at the client machine and 
communicating the encrypted login information to the user machine (paragraph 0047); 
communicating the encrypted login information and authentication information 
associated with the user from the user machine to an authentication server (Ibid, and 
element 50 of Figure 3); and decrypting the encrypted login information at the 
authentication server and communicating the decrypted login information to the user 
machine if the authentication information is acceptable to the authentication server 
(paragraphs 0039-0040, and 0049- 0050). For the sake of clarity, it is noted that the 
"client machine" of Guo corresponds to the user machine of the claim, and the affiliate 
server(s) of Guo correspond to the "client machine" of the claim. 

Regarding claims 2, 13, and 22: 

Guo discloses all the limitations of claims 1 , 12, and 21 above. Guo further 
discloses communicating an identifier associated with the user from the user machine to 
the client machine (paragraph 0038); encrypting the identifier at the client machine and 
communicating the encrypted identifier to the user machine (paragraph 0047); 
communicating the encrypted identifier from the user machine to the authentication 
server (Ibid, and element 50 of Figure 3); decrypting the encrypted identifier at the 
authentication server (paragraphs 0039-0040); wherein the decrypted login infonnation 
is communicated to the user machine if the decrypted identifier is acceptable to the 
authentication server (Ibid, and paragraphs 0049-0050). 
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Regarding claims 3, 14, and 23: 

. Guo discloses all the limitations of claims 1, 12, and 21 above. Guo further 
discloses encrypting the identifier at the client machine and communicating the 
encrypted identifier to the user machine (paragraph 0047); communicating the 
encrypted identifier from the user machine to the authentication server (Ibid, and 
element 50 of Figure 3); decrypting the encrypted identifier at the authentication server 
(paragraphs 0039-0040); wherein the decrypted login information is communicated to 
the user machine if the decrypted identifier is acceptable to the authentication server 
(paragraphs 0049-0050). 

Regarding claims 4, 15, 24, and 28-30: 

Guo discloses all the limitations of claims 1,12, and 21 above. Guo further 
discloses communicating the login information from the user machine to the client 
machine to enable the user to access the client machine (pariagraph 0049; element 60 
of Figure 3). As claims 28-30 consist of all the limitations of claim 4, they are rejected 
by the same rationale. 

Regarding claims 5, 16, and 25: 

Guo discloses all the limitations of claims 1,12, and 21 above. Guo further 
discloses wherein the login information comprises at least one of a name and a 
password (paragraph 0032). 
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Regarding claims 6, 17, and 26: • 

Guo discloses all the limitations of claims 1, 12, and 21 above. Guo further 
discloses wherein the login information is encrypted at the client machine using a public 
key of a public key-private key pair (paragraph 0040); and the encrypted login 
information is decrypted at the authentication, server using the private key of the public 
key-private key pair (Ibid). 

Regarding claims 7, 18, and 27: 

Guo discloses all the limitations of claims 1, 12, and 21 above. Guo further 
discloses wherein the authentication identifier comprises an identifier associated with 
the user (paragraph 0032). 

Regarding claims 8 and 19: 

Guo discloses all the limitations of claims 1 and 12 above. Guo further discloses 
wherein the encrypted login information is inaccessible to the user machine (paragraph 
0051). 

Regarding claim 9: 

Guo discloses all the limitations of claim 1 above. Guo further discloses wherein 
the request for access is communicated from the user machine to the client machine, 
and the encrypted login information is communicated from the client machine to the 
user machine via a Secure Sockets Layer connection (paragraphs 0039 and 0055). 
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Conclusion 

8. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: RFC 2246: "The TLS Protocol, Version 1 .0" further expounds on 
the encryption/decryption techniques inherent to the secure sockets layer explicitly 
employed by Guo (cf. Guo, paragraphs 0039, 0040, and 0055). 

9. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 . 1 36(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tom Gyorfi whose telephone number is (571) 272-3849. 
The examiner can normally be reached on 8:30am - 5:00pm Monday - Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding tlie status of an application may be obtained from the 



Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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